Brexit: ‘No known data breaches’ of EU citizens’ digital status since programme launch, minister claims

Written by Sam Trendall on 20 September 2022 in News

Home Office databases have not been compromised, according to Tom Pursglove

Credit: Stux/Pixabay

There have been “no known data breaches” of the digital status of almost six million EU nationals living in the UK, a minister has claimed.

The Settled Status Scheme for citizens of EU countries was first unveiled in 2018, with applications concluding on 30 June 2021. The programme has granted settled or pre-settled status to more than 5.9 million people – double the oft-cited figure of three million EU nationals who, as of the Brexit vote of 2016, were estimated to reside in the UK.

All of those granted the right to remain in the UK can only demonstrate their immigration status digitally – with calls for the government to issue paper documentation having thus far proved unsuccessful. Moreover, the Home Office has pledged that the programme represents the first step in a longer-term objective to eliminate all physical immigration documents over the coming years and replace them with digital methods, such as electronic visas.

Since the inception of the EU settlement scheme, many politicians and campaign groups have criticised the decision to adopt a digital-only approach – including one parliamentary committee that warned the Home Office that the programme had “clear parallels with Windrush”.

Related content

Concerns have also raised about data security of the digital documents, which holders need to access every time they need to demonstrate their right to live and work in this country, such as when renting a property, or applying for a job.

But, according to Home Office minister Tom Pursglove, the department has not encountered a single serious data breach of EU citizens’ digital immigration status in the four years – and counting – since the settled status programme was unveiled.

“We have no known data breaches relating to digital immigration status that have been reported to the Information Commissioner’s Office since the launch of the EU Settlement Scheme [on[ 28 August 2018,” he said, in answer to a written parliamentary question from SNP member Stuart McDonald.

Pursglove, who was moved to a junior ministerial post at the Home Office as part of new prime minister Liz Truss’s opening reshuffle, added that – if any breach did take place – the department has stringent response measures in place. 

“We handle data breaches extremely seriously and if they occurred, they would be reported and raised with relevant teams in accordance with Home Office data-handling procedures,” he said. “All such incidents would then be referred to the relevant data protection officer to investigate and assess against the data protection legislation to determine next steps and raise to the ICO if necessary.”


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

IT issues with Home Office casework system have halved in recent months, immigration minister claims
26 April 2023

Department has seen impact of ‘IT stabilisation’ according to Robert Jenrick

Consultation reveals widespread opposition to proposed data-sharing laws for government login system
26 May 2023

Overwhelming majority of respondents voice disapproval but government will press on with plans to bring forward legislation

UK aid watchdog reveals difficulties caused by FCDO’s ‘dysfunctional’ IT systems
26 May 2023

ICAI annual report says it has been stymied in its ability to recruit people or pay contractors following departmental merger

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...